Re: nmap snmp scanning
From: Kent Hundley <khundley () opnet com>
Date: Mon, 05 Dec 2011 11:58:42 -0500
Thanks for your response, but this doesn't seem to resolve my issue. If
I run that command, it will tell me that the SNMP port is open, but it
doesn't tell me which of the available SNMP strings a given device is
using (I have 3 possible strings in community.lst).
The command and output are below. I tried putting the community.lst file
in the same dir as the nmap exe as well as in the nselib/data dir where
the other lst files are located. Interestingly, I get the exact same
response if I put a single bogus entry in the community.lst file or even
if I run the command without the snmp-brute option at all. It's as if
nmap is not reading the community file at all.
D:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst 10.x.y.z
Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-05 16:46 GMT Standard Time
Nmap scan report for 10.x.y.z
Host is up (0.80s latency).
PORT    STATE SERVICE
161/udp open  snmp
Nmap done: 1 IP address (1 host up) scanned in 8.52 seconds
On 12/1/2011 9:51 PM, David Fifield wrote:
> On Tue, Nov 29, 2011 at 07:53:43AM -0500, Kent Hundley wrote:
> > I am trying to run an nmap SNMP scan to do the following:
> > 1) scan a range of IPs and tell me if the device responds to any of
> > a list of supplied SNMP community strings
> > 2) report which of the available community strings the device responded to
> > I have read the online docs and tried using the syntax of the
> > provided examples but I cannot seem to get nmap to report which of
> > an available list of snmp strings a device is using. It reports that
> > SNMP is open, but it never tells me which snmp string is in use. Is
> > this possible with nmap and can someone give me an example of the
> > syntax required if it is?
> It sounds like what you want is the snmp-brute script:
> A usage example is:
> nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst <target>
> community.lst is a file containing the community names you want to try.
> You can leave that argument off to use the default list.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/